(54) Stored value system employing a secure encryption protocol

(57) An encryption method and stored value system comprising a host computer, a reader/writer that communicates with the host computer, and an RF transponder that communicates with the reader/writer. The transponder comprises a transponder chip having a memory with a plurality of memory sections, which encryption method protects data stored in the memory. The method provides a secure way to increase and decrease the value stored in the transponder and to selectively write and read data to and from the transponder.

Fig. 2a (increase value, steps 21-28)

21. THE READER/WRITER ISSUES OR TRANSMITS AN INCREASE VALUE COMMAND PLUS A NEW DESIRED VALUE
22. THE TRANSPONDER RESPONDS BY STORING THE DESIRED VALUE IN A TEMPORARY BUFFER
23. THE TRANSPONDER GENERATES A RANDOM NUMBER, STORES IT IN THE APPROPRIATE MEMORY SECTION AND REPORTS THE RANDOM NUMBER TO THE READER/WRITER
24. THE READER/WRITER CONTACTS THE CENTRAL HOST COMPUTER AND SENDS A MESSAGE CONTAINING THE SERIAL NUMBER STORED IN THE TRANSPONDER, THE RANDOM NUMBER GENERATED BY THE TRANSPONDER, AND THE DESIRED VALUE
25. THE HOST COMPUTER COMPUTES A HASH FUNCTION BASED ON THE DATA AND USES A SECRET KEY TO SIGN THE RESULT
26. THE SIGNATURE IS SENT TO THE READER/WRITER
27. THE READER/WRITER SENDS THE SIGNATURE TO THE TRANSPONDER
28. THE TRANSPONDER STORES THE SIGNATURE IN THE SIGNATURE AREA AND THE DESIRED VALUE IN THE MAXIMUM VALUE AND CURRENT VALUE SECTIONS

Fig. 2b (decrease value, steps 31-34)

31. THE READER/WRITER ISSUES OR TRANSMITS A DECREASE VALUE COMMAND AND THE NEW DESIRED VALUE
32. THE TRANSPONDER COMPARES THE DESIRED VALUE TO THE CURRENT VALUE
33. IF THE NEW DESIRED VALUE IS LESS THAN THE CURRENT VALUE, THE TRANSPONDER COMPLETES THE COMMAND BY WRITING THE DESIRED VALUE INTO THE CURRENT VALUE AREA
34. IF THE DESIRED VALUE IS GREATER THAN OR EQUAL TO THE CURRENT VALUE, THE TRANSPONDER DOES NOT WRITE THE NEW VALUE, AND GENERATES AN ERROR MESSAGE

Fig. 2c (read, steps 41-42)

41. THE READER/WRITER ISSUES OR TRANSMITS A READ COMMAND PLUS THE DESIRED MEMORY ADDRESS THAT IS TO BE READ
42. THE TRANSPONDER SENDS OR TRANSMITS THE REQUESTED DATA TO THE READER/WRITER

Fig. 2d (write, steps 51-52)

51. THE READER/WRITER ISSUES OR TRANSMITS A WRITE COMMAND, THE DESIRED STORAGE MEMORY ADDRESS, AND THE APPROPRIATE DATA TO THE TRANSPONDER
52. THE DATA IS THEN STORED IN THE PREDETERMINED MEMORY SECTION OF THE CARD TRANSPONDER

Description

The present invention relates to stored value systems employing radio frequency transponders, and more particularly, to an encryption protocol and system architecture for use with such stored value systems.

Prior art relating to the present invention includes encryption algorithms such as public key encryption and random number generation. However, conventional transponders do not employ a system architecture and encryption protocol as is described herein.

There are several stored value systems currently in service that are based on magnetic stripe technology. One disadvantage of these systems is that it is easy to duplicate a magnetic stripe card, for example. As a result, the stored value system must implement complex algorithms to prevent fraud. These are discussed below.

The present invention is particularly suited to applications where money has been replaced by tokens or punch cards. For example, an application might be a mass transit bus system where a pass is purchased that is worth some number of rides. The issue is that the money replacement items (cards, tickets, tokens, etc.) now have a tangible value that can be counterfeited.

As a result, some effort has been put into making the money replacement items difficult to counterfeit. However, the problem is that in many cases minimizing the counterfeiting problem unduly complicates the system and makes it bothersome for the user. The reason that a money replacement system is used is that it is a more convenient way of accepting payment and this should not be compromised by creating some elaborate scheme to prevent fraud.

In general, the money replacement items must have the following characteristics. (1) The replacement item must be capable of storing a value that can be increased or decreased. (2) The replacement item must be difficult to copy. (3) It must be difficult to increase the value of the replacement item. (4) The value of the replacement item must be easily read and verified. (5) It must be easy to accept payment for a service by decreasing the value of the replacement item.

Although the present invention may be used in many kinds of money replacement systems, it is particularly well suited to mass transit fare collection systems. For this application the conventionally used technology is a card with a magnetic stripe, where the magnetic stripe holds the value (stored either in dollars or number of rides) of the card. This technology fulfills the requirements 1, 4 and 5 above. It does an adequate job at requirement 3, but it falls down completely with requirement 2. Magnetic stripe readers and writers are readily available. To compromise this system, a counterfeiter simply purchases a card worth many rides, reads it and copies it at will. Although this is a large problem, some mass transit systems do use these cards. To prevent fraud, the system that reads the cards and controls the gates must be designed to discover duplicated cards and prevent their use. This is generally a difficult task and requires much time, effort and expense.

There are systems that have been postulated that would fulfill all 5 of the above requirements. In general, they rely on complex encryption protocols that require the money replacement item to have a great deal of computing power, such as micro-processor driven smart card technologies. The result is that these solutions are very expensive.

There are two parts of any encryption system. The first part is the method of encrypting the data. This is generally referred to as an encryption algorithm. The second part of the system is how the protected information is transferred and how the encryption algorithm fits into the system. This is generally referred to as an encryption protocol. Illustrative embodiments of the present invention rely on a widely known encryption algorithm known as public key encryption. What is unique about the present invention are the encryption protocol (i.e. how the encryption algorithm is used) and certain aspects of the transponder.

One feature of an illustrative transponder of the present invention is its generation of a random number. There is an area of the transponder's memory that can only be written to by the transponder itself. The encryption protocol exploits this feature and public key encryption to produce a system that meets the 5 requirements outlined above.

Aspects of the invention are specified in the claims. 

Illustrative embodiments of the present invention seek to provide an encryption protocol and system architecture for use with stored value systems employing radio frequency transponders, and the like, that provides a solution to all five of the above requirements without the expense associated with providing complex computational power.

In order to meet the above and other objectives, an embodiment of the present invention is an encryption protocol (method) and architecture (system) that may be used in stored value systems that use radio frequency transponders. The present embodiment provides a system and method for transferring, updating, reporting and testing the validity of information (values) stored in a memory of a transponder. The uniqueness of the present embodiment lies in the protocol or method and the associated transponder architecture or system that implements the protocol.

An embodiment of the system employs an RF transponder comprising a transponder chip including a memory having a plurality of memory sections that store data therein, and an RF antenna for transmitting and receiving commands and data. A reader/writer is provided for communicating with the transponder by way of an RF antenna. A host computer is provided for communicating with the reader/writer over a communications link, and for generating a secret key and a public key. The secret key is stored in the host computer and is used to generate validation signatures for changing data stored in the transponder. The public key is distributed to the reader/writer and is used to verify the signatures generated by the host computer. The system also includes point of sale reader/writers that are used in entrance gates, and vending machines, and the like, that are accessed by the transponder.

The memory in the transponder is preferably divided into a plurality of memory sections, that respectively comprise a serial number section that stores a unique serial number for the transponder, an information section that stores non-value information, a current value section that stores the current (monetary or other) value of the transponder, a maximum card value section that stores the maximum possible value of the transponder that is set each time the value of a transponder is increased, a random number section that stores a random number that is generated by the transponder chip, and a signature section that stores the public key signature.

One aspect of the method comprises increasing the value of the transponder by transmitting an increase value command plus a new desired value for the transponder from the reader/writer to the transponder, storing the new value in a temporary memory buffer of the transponder, generating a random number in the transponder, storing the random number in the random number section of the memory, and transmitting the random number and the serial number stored in the transponder to the reader/writer, transmitting the serial number stored in the transponder, the random number generated by the transponder, and the new desired value from the reader/writer to the host computer, computing a hash function in the host computer based upon the serial number stored in the transponder, the random number generated by the transponder, and the new desired value using a secret key to generate a signature for the result, transmitting the signature from the host computer to the reader/writer, transmitting the signature from the reader/writer to the transponder, and storing the signature in the signature section of the memory and the new desired value in the maximum value section of the memory and the current value section of the memory of the transponder.

Another aspect of the method comprises decreasing a value stored in the transponder by transmitting a decrease value command and a desired decreased value from the reader/writer to the transponder, comparing at the transponder the desired decreased value to the current value stored in the transponder, writing the desired value into the current value section of the memory if the desired value is less than the current value, and generating an error message if the desired value is greater than or equal to the current value.

A further aspect of the method comprises selectively reporting data stored in predetermined memory sections of the transponder memory to the reader/writer by transmitting a read command from the reader/writer to the transponder and transmitting the requested data from the transponder to the reader/writer. Yet another aspect of the method comprises selectively writing new data to an information section of the transponder by transmitting a write command plus appropriate data from the reader/writer to the transponder and storing the data in the predetermined memory section of the transponder.

The present method and system are designed for use with a secure stored value system, for example. With the present method and system, it is very difficult to counterfeit a stored value transponder. It is difficult to copy the contents of a valid transponder to another blank card and it is difficult to increase the value of a properly issued transponder. Since the stored value system can rely on the encryption protocol to provide protection against counterfeit transponders, it does not need the complex and expensive capabilities needed to prevent fraud. As a result the complexity of the stored value system may be greatly reduced.

The various features and advantages of the present invention may be more readily understood with reference to the following illustrative description taken in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements, and in which:

Fig. 1 shows an illustrative transponder system that implements an encryption protocol in accordance with the principles of the present invention; and
Figs. 2a-2d are flow diagrams illustrating aspects of an illustrative encryption protocol in accordance with the principles of the present invention.

Referring to the drawing figures, Fig. 1 shows a transponder system 10 that implements an encryption protocol 20 in accordance with the principles of the present invention. There are three basic physical components of the transponder system 10. These include a transponder 11 comprising a transponder integrated circuit chip 12 that has a memory 13 comprising a plurality of memory locations 13a-13f or sections that store value and identification data, and an RF antenna 16 coupled to the transponder chip 12 that is used to transmit and receive the data. A reader/writer 14 communicates with the transponder 11 by means of an RF link comprising an RF antenna 17 and the RF antenna 16 in the transponder 11. The reader/writer 14 also includes a keypad 19 or other data entry device 19 that is used by a user to enter transactional data. The reader/writer 14 is used to issue transponders and to increase their respective monetary values, as will be described below. The system 10 also includes point of sale reader/writers 14a that are used in entrance gates, and vending machines, and the like, that are accessed by the transponder 11. The point of sale reader/writers 14a may have a keypad, depending upon their use. A central host computer 15 communicates with the reader/writers 14, 14a, typically by way of a hardwired communication link 18 or by means of an optional RF communications link 18a. The central host computer 15 is maintained by an appropriate transit authority. The authority would be whoever is responsible for the security of the stored value system. In the case of a fare collection application, the authority could be the company that controls the mass transit system. The central host computer 15 communicates with the reader/writers 14 in order to issue transponders 11. The host computer is not required (although it is useful) to be connected to the point of sale reader/writers 14a. Security for the system 10 is provided by the use of the public key encryption algorithm and the architecture of the present transponder 11.

The transit authority uses the public key encryption algorithm to generate a secret key/public key combination. The secret key is kept in the host computer 15 under control of the authority and is used to generate validation signatures. The public key is distributed to the reader/writers 14 in the system 10 and is used to verify the signatures generated by the host computer 15. The transponder 11 is designed so it is easy to decrease data values stored therein and difficult, without proper authority, to increase the data values stored therein.

As shown in Fig. 1, the memory 13 in the transponder 11 is divided into a plurality of memory sections 13a-13f, each with a specific purpose. The first section 13a is a serial number section 13a that stores a unique serial number for the transponder 11 that is written to once and is initialized at the time of manufacture. The second section 13b is an information section 13b that is used to store non-value related information required by the system 10, such as the date the transponder was issued, for example. The third section 13c is a current value section 13c that stores the current value of the transponder 11. The fourth section 13d is a maximum value section 13d that stores the maximum possible value of the transponder 11 that is set each time the value of a transponder 11 is increased. The fifth section 13e is a random number section 13e that stores a random number that is generated by the transponder chip 12. The sixth section 13f is a signature section 13f that stores a public key signature.

One unique aspect of the transponder 11 of the present invention is that the random number section 13e of the memory 13 can only be written to by the transponder itself. It is believed that this aspect of the present invention has not been employed in prior transponder systems.

The transponder 11 functions as follows and implements the encryption protocol 20 described below. The transponder chip 12 uses the memory sections 13a-13f discussed above to provide several functions in accordance with the encryption protocol 20. Figs. 2a-2d are flow diagrams illustrating aspects of the encryption protocol or method 20 in accordance with the principles of the present invention.

Two functions provided by the method 20 and system 10 increase 20a and decrease 30 values stored in transponder 11. Commands that increase and decrease values stored in the transponder 11 are building blocks that provide system security in accordance with the encryption protocol 20.

Referring to Figs. 1 and 2a, to increase 20a a value stored in the transponder 11, the following steps in the method 20 take place. The reader/writer 14 issues or transmits by way of the antenna 17 an increase value command plus a new or desired value for the transponder 11 (step 21). The transponder 11 responds by storing the new value in a temporary memory buffer 19 (step 22). The transponder 11 then generates a random number, stores the random number in the random number section 13e and reports both the random number and the unique serial number stored in the serial number section 13a to the reader/writer 14 (step 23). The reader/writer 14 contacts the central host computer 15 over the communications link 18 and sends a message containing the serial number stored in the transponder 11, the random number generated by the transponder 11, and the new desired value (step 24). The host computer 15 computes a hash function on the data and then uses its secret key and the public key encryption algorithm to take the result of the hash function as an input and generates a signature as an output (step 25). The signature is sent back to the reader/writer 14 (step 26). The reader/writer 14 sends the signature to the transponder 11 (step 27). The transponder 11 stores the signature in the signature section 13f and the new desired value in both the maximum value section 13d and the current value section 13c (step 28).

Referring to Figs. 1 and 2b, to decrease 30 the value stored in the transponder 11, the reader/writer 14 issues or transmits a decrease value command and a new or desired value (step 31). The transponder 11 compares the desired value to the current value (step 32). If the desired value is less than the current value, the transponder 11 completes the command by writing the desired value into the current value section 13c (step 33). If the desired value is greater than or equal to the current value, the transponder 11 does not write the new value, and generates an error message (step 34) that is sent back to the reader/writer 14.

Other functions provided by the method 20 and system 10 also include reporting data 40 stored in the transponder 11 to the reader/writer 14, as is shown in Figs. 1 and 2c. This function is straightforward. The reader/writer 14 issues and transmits (step 41) a read command to the transponder 11, which returns or transmits (step 42) the requested data by way of the RF link. All memory sections 13a-13f in the memory 13 may be read and transmitted to the reader/writer 14. The transponder 11 may also write new data 50 to the information section 13b of the memory 13, as is shown in Fig. 2d. This function is also straightforward. The reader/writer 14 issues and transmits (step 51) a write command plus the appropriate data and the transponder 11 stores (step 52) the data in the information section 13b of the memory 13.

By way of example, the features outlined above may be used to implement a secure fare collection system 10. There are two types of transactions performed by a user of this system 10. These are increasing the value stored in the transponder 11 and paying for a ride or other service. Each transaction is summarized below.

To increase the value stored in the transponder 11, as shown in Fig. 1, the user takes the transponder 11 to a ticket booth where the user prepays for services. The paid-in value is transferred to the transponder 11 using the increase value command described above. Each time the value of a transponder 11 is increased, the transponder 11 generates a new random number. Each increase transaction is processed by the host computer 15 and the signature generated by the host computer 15 acts as a validation stamp that confirms the authenticity of the transponder 11 and the data.

To pay for a ride (or other service), the reader/writer 14 at a point of sale is used to enforce security and decrease the value of the transponder 11. The sequence of events is as follows. The reader/writer 14 reads the information stored in the memory sections 13a-13f of the transponder 11. The reader/writer 14 then computes the same hash function as the host computer 15 based on the serial number, random number and maximum value stored in the transponder 11. The reader/writer 14 uses its copy of the public key derived from the host computer 15 to decrypt the signature received from the transponder 11. The decrypted signature must match the hash result the reader/writer 14 has computed. If it does not, the transponder 11 is considered fraudulent and the reader/writer 14 takes appropriate action, such as retaining the card or informing authorities, for example. If the signature matches, the transponder 11 is considered verified. As a second check, the reader/writer 14 compares the current value stored in the transponder 11 against the maximum value. If the current value is greater than the maximum value, the transponder 11 is considered fraudulent and the reader/writer 14 takes appropriate action. After the above two checks have been passed, the reader/writer 14 accepts the card as valid and issues or transmits a decrease value command to the transponder 11. The reader/writer 14 then authorizes the transaction to take place. For example, this allows the user through the gate and onto a train or bus.

The system 10 remains secure despite the possibility of an attacker acquiring any combination of transponders 11 or reader/writers 14. In the above example, the attacker cannot increase the value of a transponder 11 because as soon as the transponder 11 receives an increase value command, it generates and stores a new random number. Until this new random number is signed by the host computer 15, the point of sale reader/writer 14 will not accept the transponder 11 as valid.
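
The increase, point-of-sale verification and decrease steps described above, as a runnable simulation showing which cards a reader/writer accepts and which of the two checks rejects the others. This is an added example, not code from the patent: the toy RSA key, the truncated SHA-256 hash, the class and function names, the sample serial numbers and the insufficient-value check are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy key pair: textbook RSA over two Mersenne primes, standing in for
# the page's unspecified public key algorithm. Too small and unpadded for real use.
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537                   # public key, copied to every reader/writer
D = pow(E, -1, (P - 1) * (Q - 1))     # secret key, kept only in the host computer

def digest(serial, rnd, value):
    """Hash of serial, random number and value (assumed: SHA-256, 128 bits kept)."""
    data = b"%d|%d|%d" % (serial, rnd, value)
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def host_sign(serial, rnd, value):
    """Step 25: the host hashes the data and signs it with the secret key."""
    return pow(digest(serial, rnd, value), D, N)

class Transponder:
    def __init__(self, serial):
        self.serial = serial      # 13a: written once at manufacture
        self.current = 0          # 13c: current value
        self.maximum = 0          # 13d: maximum value, set on each increase
        self.random = 0           # 13e: writable only by the chip itself
        self.signature = 0        # 13f: host signature
        self._pending = None      # temporary buffer for the requested value

    def begin_increase(self, value):
        """Steps 21-23: buffer the value, draw a fresh random number, report it."""
        self._pending = value
        self.random = secrets.randbits(64)
        return self.serial, self.random

    def finish_increase(self, signature):
        """Step 28: store the signature unverified; copy the value to 13d and 13c."""
        self.signature = signature
        self.maximum = self.current = self._pending
        self._pending = None

    def decrease(self, value):
        """Steps 31-34: accept only a value strictly below the current one."""
        if value < self.current:
            self.current = value
            return True
        return False

def issue(card, value):
    """Ticket-booth reader/writer relaying between card and host (steps 21-28)."""
    serial, rnd = card.begin_increase(value)
    card.finish_increase(host_sign(serial, rnd, value))

def pos_accept(card, fare):
    """Point-of-sale reader/writer: two checks, then the decrease command."""
    expected = digest(card.serial, card.random, card.maximum)
    if pow(card.signature, E, N) != expected:      # "decrypt" with the public key
        return "fraud: bad signature"
    if card.current > card.maximum:
        return "fraud: value above maximum"
    # Assumption: a fare larger than the balance is refused by the reader.
    if fare > card.current or not card.decrease(card.current - fare):
        return "error: decrease refused"
    return "ok"

def demo():
    results = {}
    card = Transponder(serial=1001)
    issue(card, 10)
    results["genuine"] = pos_accept(card, 1)

    # Increase without the host: the chip has already replaced its random number.
    stale = card.signature
    card.begin_increase(500)
    card.finish_increase(stale)
    results["unsigned_increase"] = pos_accept(card, 1)

    # Contents of a valid card copied to a chip with its own serial and random.
    donor, blank = Transponder(serial=1002), Transponder(serial=2002)
    issue(donor, 10)
    blank.begin_increase(donor.maximum)
    blank.finish_increase(donor.signature)
    results["copied_card"] = pos_accept(blank, 1)

    # Current value above the signed maximum (second check).
    altered = Transponder(serial=3003)
    issue(altered, 10)
    altered.current = 99
    results["over_maximum"] = pos_accept(altered, 1)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The transponder itself never verifies a signature; every rejection above happens in the reader/writer, which needs only the public key.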

Thus there has been described a new and improved encryption protocol and system architecture for use with stored value systems employing radio frequency transponders, and the like. It is to be understood that the above-described embodiments are merely illustrative of some of the many specific embodiments which represent applications of the principles of the present invention. Clearly, numerous and other arrangements can be readily devised by those skilled in the art without departing from the scope of the invention.



Claims

1. A stored value system comprising:

an RF transponder comprising a transponder chip including a memory having a plurality of memory sections that store data therein, and an RF antenna for transmitting and receiving commands and data;

a reader/writer for communicating with the transponder by way of an RF antenna; and

a host computer for communicating with the reader/writer over a communications link, and that generates a secret key and a public key, and wherein the secret key is stored in the host computer and is used to generate validation signatures for changing data stored in the transponder, and wherein the public key is distributed to the reader/writer and is used to verify the signatures generated by the host computer.

2. The stored value system of Claim 1 wherein the memory in the transponder is divided into a plurality of memory sections, that respectively comprise a serial number section that stores a unique serial number for the transponder, an information section that stores non-value information, a current value section that stores the current value of the transponder, a maximum value section that stores the maximum possible monetary value of the transponder that is set each time the value of a transponder is increased, a random number section that stores a random number that is generated by the transponder chip, and a signature section that stores the public key signature.

3. An encryption method for use with a stored value system comprising a host computer, a reader/writer that communicates with the host computer, and an RF transponder that communicates with the reader/writer and which comprises a transponder chip having a memory with a plurality of memory sections, and wherein a serial number is stored in one of the memory sections, which encryption method protects data stored in the memory, said method comprising increasing the value of the transponder by:

transmitting an increase value command plus a new desired value for the transponder from the reader/writer to the transponder;

storing the new value in a temporary memory buffer of the transponder,

generating a random number in the transponder, storing the random number in a random number section of the memory, and transmitting the random number and the serial number to the reader/writer;

transmitting the serial number stored in the transponder, the random number generated by the transponder, and the new desired value from the reader/writer to the host computer;

computing a hash function in the host computer based upon the serial number, the newly generated random number generated by the transponder, and the new desired value using a secret key to generate a signature for the result;

transmitting the signature from the host computer to the reader/writer;

transmitting the signature from the reader/writer to the transponder; and

storing the signature in the signature section of the memory and the new desired value in the maximum value section of the memory and the current value section of the memory of the transponder.

4. The method of Claim 3 further comprising decreasing a value stored in the transponder by:

transmitting a decrease value command and a desired decreased value from the reader/writer to the transponder;

comparing at the transponder the desired decreased value to the current value stored in the transponder,

writing the desired value into the current value section of the memory if the desired value is less than the current value; and

generating an error message if the desired value is greater than or equal to the current value.

5. The method of Claim 3 further comprising selectively reporting data stored in predetermined memory sections of the memory to the reader/writer by:

transmitting a read command from the reader/writer to the transponder; and

transmitting the requested data from the transponder to reader/writer.

6. The method of Claim 3 further comprising selectively writing new data to an information section of the transponder by:

transmitting a write command plus appropriate data from the reader/writer to the reader/writer; and

storing the data in the predetermined memory section of the transponder.

7. The method of Claim 4 further comprising selectively reporting data stored in predetermined memory sections of the memory to the reader/writer by:

transmitting a read command from the reader/writer to the transponder, and

transmitting the requested data from the transponder to reader/writer.

8. The method of Claim 4 further comprising selectively writing new data to an information section of the transponder by:

transmitting a write command plus appropriate data from the reader/writer to the reader/writer; and

storing the data in the predetermined memory section of the transponder.



